VDB
ALPINE-CVE-2025-61915
ALPINE-CVE-2025-61915
PUBLISHED
CVSS 6.699999809265137 MEDIUM
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.
Risk Scores
CVSS v3.1
6.699999809265137
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.20 | cups | 2.4.7-r2, 0, 1.4.1-r0 |
| Alpine:v3.21 | cups | 2.4.9-r0, 2.4.8-r0, 2.4.7-r3 |
| Alpine:v3.23 | cups | 2.4.0-r0, 1.4.3-r2, 0 |
| Alpine:v3.22 | cups | 0, 2.4.9-r0, 2.4.8-r0 |
Timeline
- Nov 29, 2025 CVE Published
- Jan 26, 2026 CVE Updated
- Apr 30, 2026 Distribution Patch